Identity theft stats & facts: 2019-2020

Identity theft is a major problem for consumers, resulting in billions of dollars in financial losses each year. Here are several key stats that help put a face to the continuing threat posed by identity theft.

*This list is regularly updated with the latest identity theft statistics for 2019 – 2020 (plus a few earlier stats thrown in). To date, we have compiled over 50 identity theft facts, figures and trends from a wide range of sources and covering a number of different countries.

As the world continues its relentless march toward all things digital, data is increasingly exposed. Each individual consumer’s’ personal information now resides on dozens, if not hundreds of servers across the globe. With that fact comes a somewhat obvious result: an increase in identity theft.

Data theft is big business, although there was some good news in 2018. According to Javelin Strategy, the number of identity theft victims in the US fell by 15 percent, from 16.7 million victims in 2017 to 14.4 million in 2018.

Additionally, Javelin Strategy found that children are increasingly the victims of identity fraud. While children have long been a target for Social Security Number misuse and credit card fraud, it appears the impact is growing. The security firm found that over 1 million children were ID theft victims in 2017.

For 2017 through 2019, identity theft statistics have taken center stage among the many stats and facts encompassing the entire realm of cybercrime. While ransomware gains more attention, identity theft remains much easier to pull off and monetize. Social security numbers, credit card numbers and other personal identity factors can be stolen and sold on the dark web, or used by criminals for quick and easy profit gain.

The following identity theft statistics are categorized to help get a better feel for how and why this threat continues to be a problem for consumers, businesses, and governments worldwide.

Increasing risks, exposures, and loss values

As data from the Javelin Strategy’s recent Identity Fraud Studies have shown, identity theft isn’t going away. Although the number of victims fell by the start of 2019, other stats are up.

Cybercriminals still find it relatively easy to access consumer data. There were over 9,600 reported data breaches in the US between 2008 and 2019, for example, with over 10 billion records stolen during that time frame. The numbers reveal that contrary to efforts to stem the tide of data theft, thieves are learning new ways to bypass protections, while consumers are facing even more risks and exposures to data theft.

We’ve compiled a list of the latest identity theft statistics:

Thankfully, just 5.66 percent of US consumers were victims of ID fraud, a decline from 2018. (Source: Javelin Strategy)

A decline in fraud overall is thanks to more adoption of EMV chip-based credit cards, which cannot be copied by card skimmers. (Source: Javelin Strategy)

Americans are significantly more likely to be victims of identity theft than anyone else. Over 791 million identities were stolen in the US in 2016. France was far behind in second place with 85 million identities stolen. (Source: Symantec)

143 million Americans faced an increased risk of identity theft after a major Equifax hack stole millions of Social Security Numbers, birthdays, addresses, and even some drivers license numbers. (Source:The Motley Fool)

A key area that saw lots of new activity over the years is account takeovers, which increased 61% over 2015, totaling 1.4 million incidents. Account takeovers occur when thieves gain to access someone’s accounts and change the contact and security information. (Source: Javelin Strategy)

Symantec also notes that 87 percent of consumers have left their personal information exposed while accessing emails, bank accounts or financial information, another issue that could be mitigated through the use of a VPN. (Source: Symantec)

The lack of personal WiFi protections coincides with the fact that 60% of consumers feel as though their personal information is safe when using public WiFi. (Source: Symantec)

A 2017 report from the Australian Payments Network revealed that people over the age of 55 are common targets for phone and email scams, and are increasingly targets of scams conducted over social media. (Source: Australian Payments Network)

The Consumer Sentinel Network (CSN), which collects data from the FTC and local law enforcement agencies across the U.S., found that identity theft represented 13 percent of the more than 3 million criminal complaints recorded in the system. This number was just behind imposter scams (slightly more than 13%) and debt collection complaints (28 percent). (Source:FTC)

“Theft of data” continued to be responsible for the most stolen identities in 2016 and the chief cause of data breaches (nearly 92 percent). (Source: Symantec)

According to a CSID survey, 52% of small businesses don’t invest in cyber risk mitigation, believing that they don’t store any private information. However, 68% at a minimum store email addresses, which is one potential entry vector for hackers. (Source: CSID

CSID also found that 31% of surveyed small businesses are not taking any active measures to mitigate cyber risks such as data breaches and hacking. (Source: CSID)

According to Equifax Canada, Millennials are the top target for fraudsters. Nearly half of all suspected fraud applications are for those between the ages of 18 and 34. (Source: Equifax)

An Experian survey discovered that half of all American adults believe that identity thieves are not interested in people with poor credit. (Source: Experian)

43% of surveyed adults in the U.S. admit to shopping online over public WiFi. (Source: Experian)

33% of surveyed adults in the U.S. admit to sharing their account names and passwords with others. (Source: Experian)

Cifas announced that identity fraud in the UK is reaching “epidemic levels” with fraud incidents occurring at a rate of 500 per day. (Source: Cifas)

While all types of identity theft reporting were lower in 2017, according to FTC data, there was more credit card fraud and phone or utilities fraud. The FTC received over 133,000 credit card fraud reports in 2017 and over 55,000 phone or utilities fraud reports. (Source: FTC)

An increasing number of fraud victims are not getting reimbursed. Javelin found 23 percent of fraud victims did not get their money back, which is 3 times more than in 2016. This is primarily due to a shift toward New Account Fraud. (Source: Javelin Strategy)

Credit cards and Social Security Numbers are still top targets for thieves

Credit card fraud is nothing new. Yet the introduction of the credit card a half-century ago quickly became an opportunity for thieves. Still, it wasn’t until the introduction of e-commerce in the mid-1990s that stealing credit card information became far too easy. Now, rates of what is known as “card-present” fraud (where a fraudster is using a physical copy of the skimmed card) are going down, thanks in no small part to the introduction of the EMV chip. However, CNP or “card-not-present” fraud events may soon rise dramatically.

Alongside the ongoing threat of Social Security Number theft, it’s easy to see why identity theft as a whole is not going anywhere. The following statistics and facts reveal why both credit card and Social Security Number theft are still problems.

In Australia, 2016 data revealed that proprietary debit card fraud resulted in AU $23.7 million in losses, an increase of AU $0.8 million over 2015. Counterfeiting/skimming as well as lost and stolen card fraud also increased. (Source: Australian Payments Network)

A surprising 13 percent of those who reported identity theft to law enforcement did not want a police report taken. (Source:FTC)

40 percent of all data stolen from data breaches in 2016 was Personal Financial Information. This was a 6 percentage point increase over 2015. (Source: Symantec)

“Card-not-present fraud” is far more prevalent than traditional credit card fraud. Thanks to the increasing popularity of online shopping, card-not-present fraud is now 81 percent more common than point-of-sale credit card fraud. (Source: Javelin Strategy)

A startingly 13 percent of UK consumers believe it is acceptable to use someone else’s credit card without their permission to shop online. (Source: Symantec)

A further 17 percent believe it is acceptable to use a false email or someone else’s email to identify themselves. (Source:Symantec)

Identity theft statistics reveal the problem is not going away

Identity theft is increasingly a 21st-century problem. As more data moves off of physical paper and onto Internet-connected servers, the chances of that data getting stolen increases as well. While “malicious outsiders” remain active in stealing data (and by extension, loss of credit card numbers and Social Security Numbers), consumers share a good part of the blame for their lost data. Nevertheless, there are some positives that have emerged in response.

Thankfully, Consumers are getting slightly better at detecting fraud attempts. Javelin Strategy and Research found that online shoppers tended to be quick at identifying fraud attempts. Surprisingly, 78 percent of fraud victims were able to detect fraud within a week’s time.

Still, identity theft prevention appears to be on the rise despite savvier consumers. Data breaches show no signs of decreasing. And unfortunately, consumers still appear to be less than proactive when it comes to securing their private information.

Good question, Sam. US companies are, in fact, legally required to encrypt personal data. This is why they’re required to report data breaches, and are on the hook for fines when data is lost or stolen. Medical data, in particular, has extra data protection standards under HIPPA, but other forms of personal data are required to be protected as well.

Why so much emphasis on the “dangers” of using public WiFi? The overwhelming majority of e-commerce sites, and all banks/financial institutions, use end-to-end HTTPS. This means the traffic over WiFi is encrypted, whether the WiFi itself is public or not.